The rapid shift to remote working for many organizations, due to the COVID-19 pandemic, has led to the emergence of new threats, forcing IT teams to rewrite their security playbooks.
According to Syam Thommandru, Cybersecurity Associate Vice President and Product Management Head at HCL Technologies, the key to developing a truly resolute enterprise security ecosystem lies in adhering to two broad principles—using the right digital tools in the right ways, and enacting an effective user training program.
Thommandru says1 that the immediate measures every enterprise, irrespective of its size and business domain, should take include:
Continuous and regularly updated training sessions for all system users on the various non-digital threats. While technology tools can protect users to a degree, they themselves are the first line of defense. This includes educating users with regular updates on social engineering tactics such as phishing, personal device vulnerability awareness such as SIM swapping, and teaching them safe online behaviors.
Today’s enterprises are digitally fluid, reliant on multiple devices and users across common systems. This is where verifying user credentials cannot be a passive process. Adding tools—such as multi-factor security with device location verification, network access point awareness, and verified privileged user security measures—can be critical to preventing unauthorized access.
As we learned from the Twitter breach, user-data behind the protection of a firewall is easily vulnerable as the threat can emerge from a super-user within the security system. Following an end-to-end data encryption practice ensures all data and communications remain privileged and protected, even if there is a breach in the protection of the security system. So, while someone may steal this data, it remains benign and inaccessible within the security system, thanks to data encryption.
Given the immense scale and frequency of threats, it is not possible for humans to offer peace of mind. However, enterprises can leverage AI-powered, fraud analytics to detect unusual user behavior that can offer an early warning in case of unusual behavior. For instance, the promise of free money by major public figures on Twitter in a coordinated and specious manner would have been a clear red flag to an AI system. Using digital risk protection solutions such as Searchlight™ can help identify and protect against such threats.
While the digital era has brought along significant advances in technology, capabilities, and experiences, it has also opened up the doorway to continuously evolving threats, stringent IT governances and compliances, and cloud service adoption. With sensitive data being collected, processed, and disseminated within the infra and cloud environment, it is imperative to implement robust network and infrastructure security – leveraging knowledge, toolsets, and other resources.
To help organizations mitigate risk, HCL recently opened a state-of-the-art security operations and response facility in Gothenburg, Sweden, integrating multi-domain security teams, processes and cutting-edge analytics enabling organizations to detect threats faster and resolve incidents efficiently.